Don’t believe what the user enters during login, the user’s input needs to be processed
SQL injection: (Recommended learning: PHP programming from entry to proficiency)
' or 1=1 #
Several functions to prevent SQL injection:
addslashes( $string): Use backslashes to quote special characters in the string ' " \
$username=addslashes($username);
mysql_escape_string($string): Use backslashes to escape characters in the string Special characters, used in mysql_query() queries.
$username=mysql_escape_string($username);
mysql_real_escape_string($string): Escape special characters in strings used in SQL statements, taking into account the current character of the connection Set, you need to ensure that the current connection state can be used before using this function, otherwise a warning will be reported. Do not escape % and _
$username=mysql_real_escape_string($username);
For example:
<?php
$clean = array();
$mysql = array();
$clean['last_name'] = "O'Reilly";
$mysql['last_name'] = mysql_real_escape_string($clean['last_name']);
$sql = "INSERT
INTO user (last_name)
VALUES ('{$mysql['last_name']}')";
?>The above is the detailed content of What functions in php can prevent SQL injection?. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
